|
|
CVE Reference: CVE-2006-0818 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2006-0818 |
|
|
Description: Absolute path directory traversal vulnerability in (1) MERAK Mail Server for Windows 8.3.8r with before IceWarp Web Mail 5.6.1 and (2) VisNetic MailServer before 8.5.0.5 allows remote authenticated users to include arbitrary files via a modified language parameter and a full Windows or UNC pathname in the lang_settings parameter to mail/index.html, which is not properly sanitized by the validatefolder PHP function, possibly due to an incomplete fix for CVE-2005-4558. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/27780 ST 1016513 1016514 SAID Secunia Advisory: SA18953 Secunia Advisory: SA18966 MISC http://secunia.com/secunia_research/2006-14/advisory/ http://secunia.com/secunia_research/2006-12/advisory/ BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/440302/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/440297/100/0/threaded BID 19007 19002 |
|
| Return to the previous page. |
